Live Training · 12 Modules · Real Threat Scenarios

Live cybersecurity coaching — here's exactly what we cover.

Prospects comparing us to KnowBe4's video library or Hoxhunt's gamification want one thing: to see what's actually in a SecurEveryone session. Here it is. Every module, every skill, every outcome.

Book a session → Jump to curriculum modules ↓
500+ professionals trained
12 curriculum modules
98% satisfaction rate
$150–$900 flat rate, all tiers
See every module below — then book a session Book now →
Core Curriculum

12 live training modules, built for today's threat landscape.

Every session draws from real 2024–25 attack patterns. No canned slides. No generic advice. Each module is updated as the threat landscape evolves.

🎣

Phishing & Social Engineering

  • Real 2024–25 attack patterns: BEC, spear phishing, vendor impersonation, and wire fraud lures
  • AiTM (adversary-in-the-middle) phishing — how OAuth token hijacking bypasses MFA
  • MFA fatigue attacks: how attackers spam approval requests until the victim relents
  • Detection playbook: URL inspection, sender anomaly, urgency escalation, payment verification
🤖

AI Voice & Deepfake Phishing

  • CFO voice-clone scams: how attackers use 3 seconds of audio to clone a CEO voice
  • Vendor impersonation calls with AI-generated urgency and authority
  • Real-case walkthrough: what a deepfake vendor invoice actually looks like in practice
  • Verification protocols: out-of-band callbacks, codewords, escalation procedures
💣

Ransomware Response & IR Basics

  • First 60 minutes playbook: incident declaration, comms tree, legal hold, evidence preservation
  • Ransom note response: what to do immediately, what not to do
  • Law enforcement notification thresholds and when to involve the FBI IC3
  • Recovery path planning: backups, decryption tools, and insurance notification
🏦

Wire Fraud & Payment Redirection

  • Real estate closing fraud: compromised email chains, spoofed wire instructions
  • M&A deal fraud: inside information used to impersonate legal counsel mid-transaction
  • Vendor switching: how attackers insert themselves between a company and its suppliers
  • Verification checklist: dual-channel confirmation, call-back rule, finance approver chain
🔑

Password & MFA Hygiene

  • Passkey migration: FIDO2/WebAuthn, how it eliminates phishing, migration strategy
  • Hardware security keys: YubiKey, Google Titan — when to use and how to deploy
  • Breach checklist: how to check if your email or domain is in a known breach
  • Password manager guidance: shared vs. individual vaults, break-glass procedures
📱

Mobile & Home Network Security

  • Smishing (SMS phishing): how to spot spoofed package alerts, bank notifications, and tax scams
  • Public WiFi risks: evil twin attacks, session hijacking, VPN enforcement
  • IoT device hygiene: routers, smart home devices, camera systems — what to harden first
  • Mobile device management: screen lock, remote wipe, BYOD policy framework
📂

Data Handling & Insider Risk

  • Data classification: public, internal, confidential, restricted — how to apply it
  • Insider threat indicators: anomalous access, data egress, privilege escalation
  • Clean desk and screen lock policy: social engineering through physical access
  • Third-party data sharing: vendor risk, contract clauses, notification obligations
📋

Compliance-Specific Tracks

  • HIPAA: PHI handling, breach notification timelines, role-based access requirements
  • PCI-DSS: cardholder data environment, requirement 12.6 security awareness training
  • SOC 2: employee awareness controls, supplier risk management
  • FTC Safeguards Rule (small business): written policies, access reviews, incident response plan
  • IRS WISP: tax preparer cybersecurity obligations, data retention, client data protection
🛡️

Executive Protection (Leadership Only)

  • Whaling attacks: board member impersonation, forged legal correspondence
  • Deepfake CEO scenarios: voice clone wire requests and how to verify them
  • Travel security: public WiFi, hotel networks, location data exposure, executive OSINT
  • Personal brand exposure: how attackers use public LinkedIn, conference lists, and family details
🚨

Incident Response Tabletop (Advanced)

  • Fully simulated ransomware scenario with decision points across multiple rounds
  • Communication under pressure: who to notify, when, and what to say
  • Board-level incident reporting: timing, content, and regulator notification thresholds
  • Recovery validation: how to confirm backups are clean before restoring
🏠

Secure Remote Work

  • VPN discipline and split-tunnel risks in a cloud-first world
  • Home network hardening: router config, DNS over HTTPS, firewall rules
  • Shadow IT audit: unauthorized cloud services, personal accounts, unsanctioned devices
  • Device posture checks: screen lock, disk encryption, OS patch compliance
🔗

Third-Party & Supply Chain Security

  • Vendor risk assessment: what to ask before granting access to systems or data
  • Fourth-party risk: when your vendor gets compromised and what that means for you
  • SOC 2 vendor questionnaire walkthrough: what the Type II report actually tells you
  • Contract clauses: liability, notification obligations, breach response SLAs
Free Download

Test your team's phishing detection before booking training.

The Phishing Test Kit includes 5 real-world email templates with answer key and debrief script. Use it before a session to identify your team's specific blind spots — then we'll tailor the training to those gaps.

Download the Phishing Test Kit →
🎣 Phishing Test Kit
5 templates + answer key
Session Format

What a SecurEveryone session actually looks like.

  • 🎥 Live Zoom — expert instructor, not a recording. Questions answered in real time.
  • 💬 Interactive Q&A — your team asks about your specific situation, not generic scenarios.
  • 🧪 Live threat demos — we show real attack examples (sandboxed, redacted) so your team sees exactly what phishing, deepfakes, and BEC look like in practice.
  • 🎭 Role-play scenarios — we walk through decision points: a suspicious wire request, a vendor callback, a deepfake voicemail. Your team practices the response before it matters.
  • 📋 Post-session resources — attendees receive a PDF summary, key takeaways, and a checklist they can apply immediately. Recordings retained 90 days.
60–90 min
Live Zoom
Individual sessions
Expert instructor, real-time Q&A
Role-play scenarios built around your threat profile
2 hrs
Live Team Webinar
Business tier
Unlimited participants
Interactive Q&A + scenario exercises
Who's it for

Find the training tier that fits your team.

Every tier includes a live expert instructor, real scenarios, and documented completion records for your compliance file.

👤 Individual
$150 / session

One-on-one training for professionals who need documented compliance training. Covers all core modules at a personal level. Attendance record provided.

Book Individual →
🏢 Executive
$390 / session

Leadership-only sessions covering whaling, deepfake CEO scams, OSINT exposure, travel security, and board-level incident reporting. Management body training for NIS2 Art. 20 and DORA Art. 5.

Book Executive →
🧑‍🤝‍🧑 Business
$900 / flat

Unlimited participants. 2-hour comprehensive team session covering all modules. No per-seat fees. Includes attendance report for your entire team — compliance-ready documentation.

Book Business →
Learning Outcomes

After training, your team can…

Every module is built around a concrete, testable skill — not just awareness, but capability.

Identify AiTM phishing attempts and understand why they bypass traditional MFA
Apply the dual-channel verification rule before approving any wire transfer
Recognize MFA fatigue attacks and know when to deny a push notification
Execute the first 60 minutes of an incident response playbook without panicking
Verify an out-of-band callback for any vendor or executive payment request
Distinguish legitimate deepfake audio from real calls using structured verification
Spot a smishing (SMS phishing) attempt and report it through the correct channel
Assess whether a vendor request triggers your third-party risk review process
Check if their work email appears in a known data breach using HaveIBeenPwned
Enforce your password policy and use a hardware security key where appropriate
Identify insider threat indicators before they escalate to a data breach
Assess their personal OSINT exposure and take steps to reduce it
Tailored to Your Organisation

We build the session around your industry and threat profile.

  • 🏥 Dental practices get HIPAA-specific scenarios. CPA firms get IRS WISP content. Hotels get PCI-DSS v4.0 Req. 12.6 coverage.
  • 🎯 During booking, we ask about your top threats. The instructor reviews your industry profile before the session — not a generic slide deck.
  • 🔄 Tabletop exercises can be built around your specific tools, vendors, and workflows — not generic ransomware playbooks.
  • 📊 Team sessions include a post-session summary that maps covered modules to your compliance obligations.
Industry-specific training

We serve 20+ industries, from dental practices to boutique hotels. Every session draws from real attack patterns that target your sector. See the full list of industries we cover.

Browse industry programmes →
Common Questions

Frequently asked.

How long is a typical session?
Individual and Executive sessions run 60–90 minutes. Business team sessions run up to 2 hours, with time for Q&A built in. Sessions can be split into two shorter blocks if needed.
How many people can attend a team session?
Business tier has no participant cap — your entire team attends the same live session. For large organisations (100+ employees), we can run concurrent breakout sessions on the same day.
Can we get a recording?
Yes. After the session, we email a link to the recording plus a PDF summary of topics covered and recommended next steps. Recordings are retained for 90 days.
Is there follow-up support after training?
Executive and Business sessions include a written attendance record and a session summary memo that can be filed for compliance purposes. Business tier clients also get a 30-day email Q&A window — your team can send follow-up questions directly to the instructor.
How often should we do refresher training?
For most organisations, annual training is the minimum. High-risk roles (finance, HR, executives) benefit from six-monthly refreshers. We offer discounted bundle pricing for organisations that want to run two sessions per year.
Do we receive a certificate of completion?
Yes. Every participant receives a personalised certificate of completion. Business sessions include an aggregate attendance report listing all participants and the date — ideal for compliance documentation.
Can you tailor the content to our industry?
Yes. Every session is adjusted for your industry threat profile. A dental practice gets different scenarios than a CPA firm or a manufacturer. During booking, we ask about your industry and top threat concerns so the instructor can prepare relevant case studies.
How does pricing work for custom content?
Standard sessions are $150 (Individual), $390 (Executive), or $900 flat for unlimited team members. Custom content requests — such as custom tabletop scenarios based on your specific vendors or tools — are quoted separately. Contact us before booking if you have custom requirements.

Now you know exactly what's in the session. Book yours.

Individual ($150), Executive ($390), or Business team ($900 flat, unlimited users). Industry-specific content. Real instructors. Attendance records for your compliance file.

Book a session → Browse industry programmes →